8 ways you can use our Whois API

Over the years, we’ve learned a lot about Whois and Whois API. In some cases, we were the trailblazers with our groundbreaking research. However, most of the time, we were inspired by our clients, such as King and Wikimedia, and what they were doing with our APIs.

So why not share this with the world, and give developers ideas on using a Whois API? Here we go!

List of examples of how you can use a Whois API:

  1. Build a domain availability checker (simple)
  2. Build a domain availability checker (advanced)
  3. Red-flag domain names in cybersecurity
  4. Catch expired domain names
  5. Perform large-scale research
  6. Protect against various infringement
  7. Spam people and businesses not with our Whois API
  8. Manage your domain portfolio and domain monitoring
  9. Use domain checks in other advanced tools

1. Build a simple domain availability checker

We wrote about building a domain availability checker a few times (here, here, and here in particular), so there’s no point in repeating ourselves. Suffice it to say, with a Whois request, you can check if a domain name is registered or not. With a Whois API request, you can do it programmatically. This means that an application can check for available domain names without user input. Instead of manually checking Whois for each domain, the software can make thousands upon thousands of domain availability checks.

What do I mean by a simple domain availability checker? Well, you’ve seen such a checker each time you wanted to register a domain name. Web hosting companies like to build those in an attempt to get new clients. Why? Well, there’s no point in buying a web hosting service if you don’t own a domain name that you can attach to. Finding a good domain name is both an art and a science, but equally obvious is that you need a good tool to check domain availability. There are simple domain availability checkers where you type in the domain name, and the tool responds with one of two options. The domain is available for registration, and the domain was already registered. Additionally, the domain checker gives you the option to check Whois.

And then there are…

2. Build an advanced domain availability checker

Maybe you’ve seen these, and maybe you haven’t. Domain investors (individuals and companies into domain flipping) are especially attracted to these. The reason is obvious. Domain investors want to be ahead of the game and register domain names at lower prices and then resell domain names at a profit. Speaking of domain flipping and advanced domain availability checkers, I am no stranger to both. I have built an advanced domain availability checker and traded some domain names. So if you are new to this, and are not sure what these look like, let me explain by sharing a few examples.

Example of advanced domain checker

Example of an advanced domain checker

  1. Domain name spinners and domain name generators – These domain tools let you type one keyword, and the domain checker responds with hundreds of different TLDs and domain names. All these domain names are automatically checked and all proposed domain names on the list are available for registration
  2. Bulk domain checkers – These advanced domain checkers allow you to copy-paste or upload a humongous list of domains. For example, if you want to check half a million .com or .net domain names in one swoop this would be the tool that lets you do that.
  3. Keyword combinations – Let’s say you want a domain checker that allows you to quickly check keyword combinations on various TLDs. Just as the screenshot above shows, you could type geo keywords (Miami, LA, Boston, Dallas) in one box, and in the other box, you type in a profession (plumber, lawyer, attorney, banker).
  4. Artificial intelligence domain suggestion – Imagine a tool that generates brandable & memorable domain names using AI that are available for registration. Well, even if you are AI, it has to check domain name availability at some point. Being the artificial intelligence it is, it must check thousands of domain names, and a robust Whois API allows it to do just that.

3. Red-flag domain names in cybersecurity

One of the easiest ways to spot bad actors is to check domain age. You could do that with a Domain Age API but you can just as easily find out domain age from the “date created” part of the Whois API. When you check a domain name with Whois API, you get all sorts of data. One that’s particularly interesting in cybersecurity circles is the domain creation date. It looks like this:

Domain name creation date whois example "date_created": "2011-02-14 15:31:26",

Domain name creation date Whois example “date_created”: “2011-02-14 15:31:26”,

From there, you can determine if the domain name is very old or new. WanaCry was a good example where we learned that brand-new domain names are used in bad faith. You could stop your cybersecurity efforts there or use other data sources and information to create your own Domain Scoring system and rate domain names. Guess where else you can find domain names and where you can use this technique. Well, in emails. An email address consists of a name and a domain name. YourName@DomainName.com. If you are rating domain names, you can also rate and filter emails based on data collected by Whois API, SSL API, or any other API.

4. Catch expired domain names

If you are looking for available domain names that have some SEO juice, then obviously, at some point, you will have to check if any of these millions of domain names are available for registration. Since you can’t check these domain names one by one, you will use some Whois API or Domain Availability API variation. Expired domain names are still very popular in SEO circles because they give some reputation (through backlinks that still point to this expired domain name).

These backlinks and reputation in the Google index make it easier to rank on Google. Some of these domain names will bring referral traffic and can be sold in the aftermarket.

There are a few different ways you can catch an expired domain name. Sometimes there are many potential new owners, so you will have to drop-catch the domain name. At other times, the domain name will expire and become available for registration. Let’s say you build a tool that finds these valuable domain names, and you want to check if they are available for registration. You would need a Whois API to do that check in the end.

5. Perform large-scale research

I’ve already mentioned in the beginning that WhoAPI was behind some fascinating research. We found that all four-letter .com domain names were registered (all 456,976). In other research, we also found that out of the 456,976 four-letter .net that we checked, there are still 177,717 four-letter .net domain names available for registration. Checking all those domain names would take forever if we didn’t use a Whois API. Imagine checking almost a million domain names manually.

If you want to perform large-scale research, you need the power of an API. What kind of research could you conduct with a Whois API? Let’s see:

  • Determine which domain names were registered in the ’80s, ’90s, or some other timeframe
  • From your dataset, determine which domain names were registered in the last year, month, day
  • If you have a list of domain names, check which domain registrar is holding the most domain names
  • Find domain names that expire today out of millions of registered domain names.
  • Are there any X types of domain names that are available? Remember, we checked four-letter .com, four-letter .net, and short numeric .com domains
  • Which nameserver (and therefore web hosting company) is the most popular

Hopefully, you get the idea, and maybe there’s something you could check yourself. Let’s proceed with the next item in the line. Did you know that with a Whois API, you could…

6. Protect against various infringement

We wrote about that time we found some websites that were infringing on Adidas and RayBan trademarks. There were red flags on the websites, but a Whois search also helped confirm the infringement. In 2023 it’s harder to do it with our API (more on this in the next item) because we no longer include domain owner information. But even without that, you can spot the difference in Whois from a typical branded website such as adidas.com and niceadidas.com. Just compare the domain registrar, registration date, and nameservers. If there’s a suspicious recurring theme, then there’s a good chance the website is fake.

With a Whoist API, it’s easier to check if any domain names are registered with your trademark name. And if any domain names are registered, you can get more information on them with a Whois request. It may not be the deciding factor, but it helps your investigation.

7. Spam people and businesses not with our Whois API

The fact of the matter is Whois contains ownership details. These include email address, name, postal address, and more. Theoretically, if you have a database of one million domain names, and you made a Whois request for every one of those domain names, you could potentially get an email and the owner’s name of every domain name. Having an email address with a name attached to it is equivalent to a gold mine for every email or newsletter campaigner. This wouldn’t fall under best practices, but unfortunately, spamming is the modus operandi for some.

With the launch of GDPR, the California privacy rights act, and Brazil’s General Data Protection Law, I (Goran Duskic – Founder and CEO of WhoAPI) made an executive decision in January 2018. I decided that we would no longer endorse spammers by sharing domain name ownership details. In all honesty, we didn’t lose many clients when we removed all contact details from our Whois API, but it didn’t make me feel better, and I slept better. I understand that our competitors have a better product because of this, but we are a very small company, and I don’t concern myself with market share.

whois example without domain ownership information

Whois example without domain ownership information

One potential problem is that attorneys, police, and journalists could use this information for good, but I don’t have the bandwidth to decide who gets to access this information and who doesn’t. I know some of you feel this is doing business with one hand tied, but I think this is the right decision. Maybe not a profitable one, but definitely a moral one. Besides, you can use a Whois API in other ways, such as…

7. Manage your domain portfolio and domain monitoring

I suppose it’s hard to comprehend why you would need to manage a domain portfolio or monitor your domain names if you own 5 domain names that are residing in your GoDaddy account. But unintentional domain expirations still happen. We’ve already established how important are expired domain names. Now throw in large corporations with hundreds or thousands of domain names registered with different domain registrars on different TLDs. It’s just cumbersome, and it’s hard.

A good Whois API can help you track not just your domain names, but any domain names.

You can track where these domain names are:

  • Hosted
  • Registered
  • Expiry date

Here’s an example of how this could look like.

Domain monitoring tool example

Domain monitoring tool example

8. Use domain checks in other advanced tools

Lastly, you could check domain names programmatically or within other advanced tools. I admit, this would be similar to building a simple domain availability check, but it’s a bit different. With a simple domain availability check, that’s where domain name registration is front and center. Let’s say you are building a website with Squarespace or Wix. During that workflow, the system will offer you domain registration. But in other tools or services, let’s say expired domains, or domain name competitions, domain checks are secondary. First, you check if the domain name is worth anything (backlinks, for example), and then you check if it is available for registration.

Another example I can think of is a brand-checking tool. The service checks trademarks, social media handles, and also domain names. Again, this could fall under an advanced domain checker, but advanced domain checkers are all about checking domain names, as explained before, whereas this domain tool has many other functionalities.

And that’s how you use a Whois API

Did I miss any other potential use cases for a Whois API? How are you using Whois? Do you prefer a domain age API or a Domain Availability API? How are you using those?

Related Posts
DNS zone API – explained
machine readable dns zone file

Within WhoAPI there is a particular API called Domain DNS zone (discontinued in 2022), that I would like to cover Read more

What is a WHOIS API?

In case you were wondering what is a WHOIS API or WHOIS REST API, and what does it do, here’s Read more

How to check if a domain name is available or not?
WhoAPI news

I can't remember how many people told me that a certain domain is available for registration, and when I asked Read more

WhoAPI case study: Wikimedia
Wikimedia Foundation employee Oliver Keyes in March 2012.

Oliver Keyes is a programmer and Human-Computer Interaction researcher who works for the Wikimedia Foundation. He's also the author of Read more

39 reasons to signup on WhoAPI
WhoAPI API functions

If you ever wondered or missed the information on what exactly you can get by using WhoAPI, this is the Read more

How to run away from Google’s blacklists

It became normal for Google to blacklist some websites. It happens on a daily basis due to hack attacks, malware, Read more

Founder and CEO of WhoAPI Inc. Goran Duskic is an internet entrepreneur since 2006. He co-founded and sold several online ventures, including a web hosting company.